CVE-2026-40352
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-privilege...
CVE-2026-40351
Summary: CVE-2026-40351 affects FastGPT. In versions prior to 4.14.9.5, the password login endpoint uses TypeScript type assertions without runtime validation, allowing an unauthenticated attacker to provide a MongoDB query operator as the password (e.g., {"$ne": ""}), bypassing authentication an...
CVE-2026-3022
Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...
CVE-2026-3023
Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands,...
CVE-2026-3023
CVE-2026-3023 affects the Wakyma web application, specifically the endpoint vets.wakyma.com/pets/print-tags. The issue is a NoSQL injection (NoSQLi) in a POST request that authenticated users can abuse to inject NoSQL commands, enabling listing of pets and owner names. Multiple connected entries ...
CVE-2026-3022
The CVE-2026-3022 entry concerns the Wakyma web application. A NoSQL injection (NoSQLi) vulnerability exists in the endpoint vets.wakyma.com/hospitalization/generate-hospitalization-summary, where an authenticated user can modify a POST request to inject NoSQL commands and potentially access cust...
CVE-2026-3021 Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application
Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...
Wakyma security vulnerability
Wakyma is a pet management application developed by the Spanish company Wakyma. There is a security vulnerability in Wakyma, which stems from a non-relational database injection in the endpoint vets.wakyma.com/centro/equipo/empleado. This vulnerability could allow authenticated users to enumerate...
PT-2026-25670
Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...
Wakyma security vulnerability
Wakyma is a pet management application developed by the Spanish company Wakyma. There is a security vulnerability in Wakyma, which stems from a non-relational database injection in the endpoint vets.wakyma.com/pets/print-tags. This vulnerability could allow authenticated users to list pets and...
Wakyma security vulnerability
Wakyma is a pet management app developed by the Spanish company Wakyma. There is a security vulnerability in Wakyma, which stems from a non-relational database injection in the endpoint vets.wakyma.com/hospitalization/generate-hospitalization-summary. This vulnerability could allow authenticated...
BIT-PARSE-2026-30941 Parse Server has a NoSQL injection via token type in password reset and email verification endpoints
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 and 9.5.2, NoSQL injection vulnerability allows an unauthenticated attacker to inject MongoDB query operators via the token field in the password reset and email verification...
Rocket.Chat security vulnerability
Rocket.Chat is a chat software developed by the Rocket.Chat company. There were security vulnerabilities in versions prior to 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0. These vulnerabilities stemmed from the direct embedding of MongoDB query selectors into user inputs in the account...
MongoDB Server security vulnerability
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from issues wit...
CVE-2026-25814 NoSQL Injection Risk via Unsanitized Query Parameters
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...
Bugbounty-Scanner-Suite
Bugbounty Scanner Suite All-in-one tool to automat...
Apache Kvrocks Information Disclosure Vulnerability
Apache Kvrocks is a distributed key-value NoSQL database from the Apache Software Foundation. Apache Kvrocks suffers from an information disclosure vulnerability that stems from the MONITOR command disclosing plaintext credentials. An attacker could exploit this vulnerability to obtain sensitive...
API Attack Awareness: Injection Attacks in APIs – Old Threat, New Surface
Injection attacks are among the oldest tricks in the attacker playbook. And yet they persist. The problem is that the core weakness, trusting user inputs too much, keeps resurfacing in new forms. As organizations have shifted to API-driven architectures and integrated AI systems that consume...